- The “3 Legged Model” or “single firewall” – where the DMZ segment(s) are connected via a dedicated interface (or interfaces) and a single firewall implements traffic control rules between all of the network segments (the firewall could be a traditional firewall simply enforcing interface to interface rules or a “next generation” firewall implementing virtualized “zones” or other logical object groupings)
- The “Layered Model” or “dual firewall”- where the DMZ segment(s) are connected between two sets of firewalls, like a sandwich
Category Archives: End-user Focused
Interesting Talk on Post Quantum Computing Impacts on Crypto
3 Ways Clients are Benefiting from Our TigerTrax Platform Today
OK, so by now most folks know that we spent the last few years building out our own analytics platform, called TigerTrax™. Some folks know that we have been using it as a way to add impressive value to our traditional security offerings for the last couple of years. If you are a traditional assessment client, for example, you are likely seeing more threat data that is pinpoint accurate in your reports or you have been the beneficiary of some of the benefits of our passive technologies based on the platform, perhaps. If your organization hasn’t been briefed yet on our new capabilities and offerings, please let us know and we will book a time to sit down and walk you through what we believe is a game changing new approach to information security!
But, back to the message at hand. TigerTrax is already benefitting our clients in three very specific ways, and I wanted to take a moment to discuss them.
- First, as I alluded to above, many clients are now leveraging our Targeted Threat Intelligence (TTI) offerings in a variety of ways. TTI engagements come in two flavors, Comprehensive and Baseline. You can think of this as a passive security assessment that identifies threats against your organization based on a variety of meta data analysis, tracks your brand presence across the online world and identifies where it might be present in a vulnerable state, correlates known and unknown attack campaigns against your online presence, and has been hugely successful in finding significant risks against networks/applications and intellectual property. The capability extends to findings across the spectrum of risks, threats and vulnerabilities – yet does the work without sending a single packet to the target network environments! That makes this offering hugely popular and successful in assisting organizations with supply chain, vendor management security validation and M&A research. In fact, some clients are actively using this technique across vendors on a global scale.
- Second, TigerTrax has enabled MSI to offer security-focused monitoring of key employees and their online behaviors. From professional sports to futures/stock traders and even banking customer support teams – TigerTrax has been adapted to provide code of conduct monitoring, social media forensics and even customized mitigation training in near-real-time for the humans behind the keyboard. With so much attention to what your organization and your employees do online, how their stories spread and the customer interactions they power – this service has been an amazing benefit to customers. In some cases, our social media forensics have made the difference in reputational attacks and even helped defend a client against false legal allegations!
- Thirdly, TigerTrax has powered the development of MachineTruth™, a powerful new approach to network mapping and asset discovery. By leaning on the power of analytics and machine learning, this offering has been able to organize thousands of machine configurations and millions of lines of log files and a variety of other data source to re-create a visual map of the environment, an inventory of the hosts on the network, an analysis of the relationships between hosts/network segments/devices and perform security baselining “en masse”. All offline. All without deploying any hardware or software on the network. It’s simply amazing for organizations with complex networks (we’ve done all sizes – from single data centers to continent-level networks), helps new CIOs or network managers understand their environment, closes the gap between “common wisdom” of what your engineers think the network is doing and the “machine truth” of what the devices are actually doing, aids risk assessment or acquisition teams in their work and can empower network segmentation efforts like no other offering we have seen.
Those are the 3 key ways that TigerTrax customers are benefiting today. Many many more are on the roadmap, and throughout 2016 we will be bringing new offerings and capability enhancements to our clients – based on the powerful analytics TigerTrax provides. Keep an eye on the blog and our website (which will be updated shortly) for news and information. Better yet, give us a call or touch base via email and schedule a time to sit down and discuss how these new capabilities can best assist you. We look forward to talking with you!
— info (at) microsolved /dot/ com will get you to an account rep ASAP! Thanks for reading.
Old School Google Hacking Still Works…
Did some old school Google hacking last night.
“Filetype:xls & terms” still finds too much bad stuff.
Check for it lately for your organization?
Try other file types too. (doc/ppt/pdf/rtf, etc.)
Information leakage happens today, as it always has. Keeping an eye on it should be a part of your security program.
Ashley Madison Blackmail Campaigns Prowling Again
If you were involved in the Ashley Madison service, or know someone who was, it might be time to discuss the continuing issues of ongoing blackmail campaigns stemming from the breach. This article appeared this week in SC Magazine, reporting on just such a campaign, that has been potentially identified.
Please be aware that this is happening, and can represent a significant threat, especially for organizations associated with critical infrastructure, IP protection and/or government agencies.
If you, or someone you know, is being harassed or targeted by black mailers, here are some resources:
WikiHow Advice from the public.
Stay safe out there!
CMHSecLunch is Monday Oct 12
Remember: #CMHSecLunch is tomorrow. 11:30, Polaris.
Come out and hang with some of your friends. This free form event is open to the public and often includes hacking stuff, lock picking, deep technical discussions, projects, etc.
Check it out at the link below & bring a friend!
http://cmhseclunch.eventbrite.com
3 Things You Should Be Reading About
Just a quick post today to point to 3 things infosec pros should be watching from the last few days. While there will be a lot of news coming out of Derbycon, keep your eyes on these issues too:
1. Chinese PLA Hacking Unit with a SE Asia Focus Emerges – This is an excellent article about a new focused hacking unit that has emerged from shared threat intelligence.
2. Free Tool to Hunt Down SYNful Knock – If you aren’t aware of the issues in Cisco Routers, check out the SYNful Knock details here. This has already been widely observed in the wild.
3. Microsoft Revokes Leaked D-Link Certs – This is what happens when certificates get leaked into the public. Very dangerous situation, since it could allow signing of malicious code/firmware, etc.
Happy reading!
Podcast Episode 8 is Out
This time around we riff on Ashley Madison (minus the morals of the site), online privacy, OPSec and the younger generation with @AdamJLuck. Following that, is a short with John Davis. Check it out and let us know your thoughts via Twitter – @lbhuston. Thanks for listening!
You can listen below:
IoT Privacy Concerns
Lately, I’ve been amazed at how quickly the Internet of Things (IoT) has become a part of my life. Everything from speakers to a Crock-Pot (yes, a Crock-Pot) has been connected to my home wireless network at some point. As much as I enjoy all the conveniences that these devices provide me, I always consider the security implications prior to purchasing an Internet-connected device. It’s worthwhile to weigh the convenience of installing new Internet-connected equipment vs. the privacy issues that can occur if the device is compromised.
There have already been a variety of security issues stemming from the widespread adoption of IoT devices. Last fall, a website published links to over 73,000 unsecured camera throughout the world. These cameras monitored everything from shopping malls to people’s bedrooms. Without implementing proper controls around IoT devices, we will continue to see similar issues arise.
I don’t intend for this blog to scare people away from purchasing IoT devices. In fact, I will provide you with a few simple changes you can make to your IoT configurations that will reduce the privacy issues that can occur by installing an IoT system. These changes won’t necessarily diminish the conveniences you can gain by buying an Internet-connected thermostat or installing the latest IoT security camera. However, they will significantly reduce the risk associated with installing an IoT system.
A few recommendations for your new gadget:
- Change the default password – A majority of the aforementioned cameras were compromised because the owners did not change the system’s default password. By simply setting the password to something that will be difficult for an attacker to guess, you can reduce the risk of someone compromising your device.
- Segment – Try to isolate your IoT devices from the rest of your home network. It is very possible that an attacker would use an IoT system as an entry-point to gain access to other systems.
- Check for software updates – Make a routine to check for software/firmware updates for all of your IoT devices. These updates will often contain a security patch that can protect your system from being exploited.
- Do not expose the device directly to the Internet – There shouldn’t be a need to expose an IoT device directly to the Internet. This will provide an attacker a much larger surface to attempt to exploit your device. If the system requires that configuration, it is worthwhile to consider another option.
DOJ Best Practices for Breach Response
I stumbled on this great release from the US Department of Justice – a best practices guide to breach response.
Reading it is rather reminiscent of much of what we said in the 80/20 Rule of Information Security years ago. Namely, know your own environment, data flows, trusts and what data matters. Combine that with having a plan, beforehand, and some practice – and you at least get some decent insights into what your team needs and is capable of handling. Knowing those boundaries and when to ask for outside help will take you a long way.
I would also suggest you give our State of Security Podcast a listen. Episode 6, in particular, includes a great conversation about handling major breaches and the long term impacts on teams, careers and lives.
As always, if we can assist you in preparing a breach response process, good policies, performing those network mappings or running table top exercises (or deeper technical red team exercises), let us know. We help companies around the world master these skills and we have plenty of insights we would love to share!